Cryptography GPGTools on the Mac is now paid software

GPGTools on the Mac is now paid software
Cloudflare Embraces Google Roughtime, simplifying certificate expiration checks
RFC: naive encryption?
How does constant inputs affect SAT formulation of a problem?
I made an encrypting text editor for Windows. Any expert care to review the code?
Comments on FINALCRYPT ?

GPGTools on the Mac is now paid software

Posted: 22 Sep 2018 02:36 AM PDT

https://twitter.com/GPGTools/status/1043314276784660480

submitted by /u/john_alan
[link] [comments]

Cloudflare Embraces Google Roughtime, simplifying certificate expiration checks

Posted: 21 Sep 2018 06:34 AM PDT

submitted by /u/Natanael_L
[link] [comments]

RFC: naive encryption?

Posted: 21 Sep 2018 10:00 PM PDT

so, i thought up this encryption algorithm a bit ago and been trying to think through ways to crack it, the code will follow, it's perhaps a bit naive and obviously it's has a weakness in that it relies on password, which are notoriously weak...but given a strong password..i think it should be strong...

code:

// From http://baagoe.com/en/RandomMusings/javascript/ // Johannes Baagøe <baagoe@baagoe.com>, 2010 function Mash() { var n = 0xefc8249d; var mash = function(data) { data = data.toString(); for (var i = 0; i < data.length; i++) { n += data.charCodeAt(i); var h = 0.02519603282416938 * n; n = h >>> 0; h -= n; h *= n; n = h >>> 0; h -= n; n += h * 0x100000000; // 2^32 } return (n >>> 0) * 2.3283064365386963e-10; // 2^-32 }; mash.version = 'Mash 0.9'; return mash; } function Alea() { return (function(args) { // Johannes Baagøe <baagoe@baagoe.com>, 2010 var s0 = 0; var s1 = 0; var s2 = 0; var c = 1; if (args.length == 0) { args = [+new Date]; } var mash = Mash(); s0 = mash(' '); s1 = mash(' '); s2 = mash(' '); for (var i = 0; i < args.length; i++) { s0 -= mash(args[i]); if (s0 < 0) { s0 += 1; } s1 -= mash(args[i]); if (s1 < 0) { s1 += 1; } s2 -= mash(args[i]); if (s2 < 0) { s2 += 1; } } mash = null; var random = function() { var t = 2091639 * s0 + c * 2.3283064365386963e-10; // 2^-32 s0 = s1; s1 = s2; return s2 = t - (c = t | 0); }; random.uint32 = function() { return random() * 0x100000000; // 2^32 }; random.fract53 = function() { return random() + (random() * 0x200000 | 0) * 1.1102230246251565e-16; // 2^-53 }; random.version = 'Alea 0.9'; random.args = args; return random; } (Array.prototype.slice.call(arguments))); }; function encryptDecrypt(text,pass) { var chars=[]; var cypherText=""; var rng = new Alea(pass); if(text) { for(var i=0;i<text.length;i++) { chars.push(Math.floor(rng()*255)); } for(var i=0;i<text.length;i++) { cypherText+=String.fromCharCode(text.charCodeAt(i)^chars[i]); } } } var text=prompt("please enter text"); var pass=prompt("please enter a password"); encryptDecrypt(text,pass);

if you press f12 and paste that into the console it should produce a ciphertext, put the same ciphertext in for the text in the prompt with the same password it should produce the clear text.

basically what is happening here is just i take every letter of the cleartext and xor it with a random character, the random character is derived from a pseudorandom number generator using a hash of the password as a seed.

i can't speak to the effectiveness of the hash generator, or the random number generator, in this particular implementation (gonna be making an implementation in C using sha1 for the hash and that whatever RNG i can find that will accept a seed that big and still produce good pseudorandom numbers, then i will compile that to webassembly and use it for the encryption and decryption) my main thing is...i feel like i'm probably overlooking something critical and just don't know enough on the subject to know what i don't know.

the ciphertext and the cleartext will be the same length...i don't know if there is some kinda attack that opens it up to...it shouldn't be weak to frequency analysis since every letter is xored with a random character...it doesn't matter how many times the letter e shows up, for instance, each occurrence is a difference ciphertext.

what about known text...hmm...

so, let's see i have the cleartext of "foobar" and a password of "foobar" and a ciphertext of 0xfe26c3dc6a93..if i didn't know the password, knowing the cleartext and the ciphertext...i can't think how i can workout the password...it's a hash of the password so one wrong letter changes the whole thing, the cleartext is xored with a random character..i'm not even sure i can work out the random characters i xored it with..well probably...i know an xor was done..but i can't just flip my bits..it's an xor not a NOT..and even knowing random characters and the cleartext wouldn't give me anything i can use to derive the password (which i might be able to use to crack other ciphertexts) since you can't derive the seed from the pseudo-random characters it produces.

but maybe the folks here would be better versed in these things to give comments on the suitability and strength of this particular encryption technique?

submitted by /u/tuseroni
[link] [comments]

How does constant inputs affect SAT formulation of a problem?

Posted: 21 Sep 2018 11:35 AM PDT

Lets say I have a black box circuit with N inputs and 1 output. I want to fix the value of M inputs (M<N) and find the value of rest of the inputs (N-M) for which the circuit is satisfiable. If I manually fix the M inputs in the verilog RTL, and convert it to CNF (using abc), will this yield the correct result? Is it the right approach to this kind of problem?

I'm just starting on this so any help will be appreciated. Thanks!

submitted by /u/harshitk11
[link] [comments]

I made an encrypting text editor for Windows. Any expert care to review the code?

Posted: 21 Sep 2018 09:22 AM PDT

The editor has Notepad-like interface and functionalities, but prompts the user for a passphrase before saving or opening a file. The encryption function uses PBKDF2 to derive a 256 bit key for AES and uses a random IV that is then stored with the file.

The source code is on GitHub: https://github.com/m4ff/Cipherpad.

submitted by /u/maffonline
[link] [comments]

Comments on FINALCRYPT ?

Posted: 21 Sep 2018 06:43 AM PDT

https://www.wilderssecurity.com/threads/finalcrypt-file-encryption-program.402346/

Hi, this seems like a back-and-forth ping-pong game.

Does anyone having due competences in cryptography could tell whether this app is safer or better than veracrypt ?

submitted by /u/greenreddits
[link] [comments]